I recently noticed that Tor 0.2.0.31 is now giving warnings that it is obsolete.

http://www.torproject.org/ indicates that significant security holes have recently been fixed, and strongly recommends that people should upgrade to the latest stable version (0.2.0.34).

Note that the 0.1.2.* versions of Tor are now designated as 'end-of-life'.

For those who wish to upgrade, ﻿here are dotpets for Tor 0.2.0.34 and Privoxy 3.0.11.

I have rebuilt them from the previous dotpets for Tor and Privoxy (the Privoxy dotpet uses the latest Privoxy from Debian Sid); the Tor dotpet uses the latest Tor from Slackware 12.

Please note, these are as far as possible direct clones of GuestToo's original dotpups, so they install into /root/my-roxapps, /root/my-applications and subdirectories: this is to avoid having to modify the existing (working) scripts!

Additional libraries (e.g. libevent-1.4.so.2) install into subdirectories of /root/my-applications). The scripts ensure that these will be found when running Privoxy and Tor - however, PETGET will nevertheless probably give warnings that there are missing dependencies when you install the packages. This is because directories like /root/my-applications/tor/lib aren't on the standard search path.

Tor is software that allows connection to an anonymizing network of servers. While it's possible to configure a browser to connect directly to the Tor network, it's more secure to route traffic through a proxy first.

Privoxy provides such a locally-based proxy. It also provides significant benefits in terms of filtering unwanted cookies and general internet 'crud' that browsers are often fed by websites - you control exactly what it filters by modifying its config files.

G'day,
Default port for Https is 443 - this is not a good port to be opened as credit card info goes through this - so it is highly monitored and therefore vulnerable to attacks.

Wondering how to change the config file to change the port to say 80; which is the port for http.
Cheers
Martin_________________Toowoomba Linux Community
http://groups.google.com/group/toowoombalinux
Puppy Linux 301 - KDE 3.5.8

A few thoughts, however:
1. https is encrypted, http is not, - so http would probably not benefit from an additional layer of security (as for https) if used.
2. Tor traffic is internally encrypted anyway.
3. Tor is anonymity software, not security software. It makes it hard for anyone to trace what you're doing, but there is nothing to stop the bad guys setting up rogue exit nodes and redirecting you to somewhere other than the place you thought you were going to. In that case, you'd end up with a connection to a server that can quite happily log your details - Tor makes 'man-in-the-middle' attacks much easier. So I would never send my credit card details over Tor, or any other information that could personally identify me.

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum